Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-t18w-rg4b-fqea

Summary

Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Aliases

alias	CVE-2023-3193

alias	GHSA-qxf6-mp24-52cv

Fixed_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u74

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u74

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-42k1-vb9z-3qe7

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-9hvg-h2ra-nbcc

vulnerability	VCID-c3ym-wtv5-hfhr

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ezpm-x3vx-zfe6

vulnerability	VCID-tqvb-a46r-jbf8

vulnerability	VCID-xe2v-j69t-d3h3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u74

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.75

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11qf-d5xp-4fey

vulnerability	VCID-1jgz-k7zp-uydp

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-292m-hgvs-93ey

vulnerability	VCID-2bcr-bxek-skfq

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-5732-ffyz-9fh5

vulnerability	VCID-5bex-xcub-3qhr

vulnerability	VCID-5nq8-gsav-5ffq

vulnerability	VCID-68yp-31d3-zbay

vulnerability	VCID-6yrk-8tj5-juhp

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-b24q-c9nx-hkdy

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ce9p-rwsz-zkf6

vulnerability	VCID-d56y-s4zt-uyd7

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ej5y-geq1-pkfn

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-hvpx-y297-sbha

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-mbd8-z3ry-cqap

vulnerability	VCID-mf9a-eusx-f3gb

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-pf71-p73a-xyda

vulnerability	VCID-qy5u-7m7g-4ben

vulnerability	VCID-r363-kggk-k3ds

vulnerability	VCID-rns1-e6pd-tkex

vulnerability	VCID-rs2y-3c75-uycm

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-su57-hncy-5qg4

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-tf5n-etq9-2bg1

vulnerability	VCID-turp-jxv8-1fgy

vulnerability	VCID-uun9-ctyg-k3d9

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

vulnerability	VCID-xn1n-5rgc-83bg

vulnerability	VCID-y1wd-arvg-2ugt

vulnerability	VCID-ynk1-3fye-bfcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.75

Affected_packages

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u70

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-42k1-vb9z-3qe7

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-9hvg-h2ra-nbcc

vulnerability	VCID-c3ym-wtv5-hfhr

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ezpm-x3vx-zfe6

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tqvb-a46r-jbf8

vulnerability	VCID-xe2v-j69t-d3h3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u70

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u71

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-42k1-vb9z-3qe7

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-9hvg-h2ra-nbcc

vulnerability	VCID-c3ym-wtv5-hfhr

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ezpm-x3vx-zfe6

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tqvb-a46r-jbf8

vulnerability	VCID-xe2v-j69t-d3h3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u71

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u72

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-42k1-vb9z-3qe7

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-9hvg-h2ra-nbcc

vulnerability	VCID-c3ym-wtv5-hfhr

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ezpm-x3vx-zfe6

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tqvb-a46r-jbf8

vulnerability	VCID-xe2v-j69t-d3h3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u72

url pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u73

purl pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-42k1-vb9z-3qe7

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-9hvg-h2ra-nbcc

vulnerability	VCID-c3ym-wtv5-hfhr

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ezpm-x3vx-zfe6

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tqvb-a46r-jbf8

vulnerability	VCID-xe2v-j69t-d3h3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u73

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.70-ga70

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.70-ga70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-t18w-rg4b-fqea

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.70-ga70

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.71

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11qf-d5xp-4fey

vulnerability	VCID-1jgz-k7zp-uydp

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-292m-hgvs-93ey

vulnerability	VCID-2bcr-bxek-skfq

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-5732-ffyz-9fh5

vulnerability	VCID-5bex-xcub-3qhr

vulnerability	VCID-5nq8-gsav-5ffq

vulnerability	VCID-68yp-31d3-zbay

vulnerability	VCID-6yrk-8tj5-juhp

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-b24q-c9nx-hkdy

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ce9p-rwsz-zkf6

vulnerability	VCID-d56y-s4zt-uyd7

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ej5y-geq1-pkfn

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-hvpx-y297-sbha

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-mbd8-z3ry-cqap

vulnerability	VCID-mf9a-eusx-f3gb

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-pf71-p73a-xyda

vulnerability	VCID-qy5u-7m7g-4ben

vulnerability	VCID-r363-kggk-k3ds

vulnerability	VCID-rns1-e6pd-tkex

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tf5n-etq9-2bg1

vulnerability	VCID-turp-jxv8-1fgy

vulnerability	VCID-uun9-ctyg-k3d9

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

vulnerability	VCID-xn1n-5rgc-83bg

vulnerability	VCID-y1wd-arvg-2ugt

vulnerability	VCID-ynk1-3fye-bfcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.71

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.72

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11qf-d5xp-4fey

vulnerability	VCID-1jgz-k7zp-uydp

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-292m-hgvs-93ey

vulnerability	VCID-2bcr-bxek-skfq

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-5732-ffyz-9fh5

vulnerability	VCID-5bex-xcub-3qhr

vulnerability	VCID-5nq8-gsav-5ffq

vulnerability	VCID-68yp-31d3-zbay

vulnerability	VCID-6yrk-8tj5-juhp

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-b24q-c9nx-hkdy

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ce9p-rwsz-zkf6

vulnerability	VCID-d56y-s4zt-uyd7

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ej5y-geq1-pkfn

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-hvpx-y297-sbha

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-mbd8-z3ry-cqap

vulnerability	VCID-mf9a-eusx-f3gb

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-pf71-p73a-xyda

vulnerability	VCID-qy5u-7m7g-4ben

vulnerability	VCID-r363-kggk-k3ds

vulnerability	VCID-rns1-e6pd-tkex

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tf5n-etq9-2bg1

vulnerability	VCID-turp-jxv8-1fgy

vulnerability	VCID-uun9-ctyg-k3d9

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

vulnerability	VCID-xn1n-5rgc-83bg

vulnerability	VCID-y1wd-arvg-2ugt

vulnerability	VCID-ynk1-3fye-bfcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.72

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.73

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11qf-d5xp-4fey

vulnerability	VCID-1jgz-k7zp-uydp

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-292m-hgvs-93ey

vulnerability	VCID-2bcr-bxek-skfq

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-5732-ffyz-9fh5

vulnerability	VCID-5bex-xcub-3qhr

vulnerability	VCID-5nq8-gsav-5ffq

vulnerability	VCID-68yp-31d3-zbay

vulnerability	VCID-6yrk-8tj5-juhp

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-b24q-c9nx-hkdy

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ce9p-rwsz-zkf6

vulnerability	VCID-d56y-s4zt-uyd7

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ej5y-geq1-pkfn

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-hvpx-y297-sbha

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-mbd8-z3ry-cqap

vulnerability	VCID-mf9a-eusx-f3gb

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-pf71-p73a-xyda

vulnerability	VCID-qy5u-7m7g-4ben

vulnerability	VCID-r363-kggk-k3ds

vulnerability	VCID-rns1-e6pd-tkex

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tf5n-etq9-2bg1

vulnerability	VCID-turp-jxv8-1fgy

vulnerability	VCID-uun9-ctyg-k3d9

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

vulnerability	VCID-xn1n-5rgc-83bg

vulnerability	VCID-y1wd-arvg-2ugt

vulnerability	VCID-ynk1-3fye-bfcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.73

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.74

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.74

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11qf-d5xp-4fey

vulnerability	VCID-1jgz-k7zp-uydp

vulnerability	VCID-1me4-suy5-ayhq

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-292m-hgvs-93ey

vulnerability	VCID-2bcr-bxek-skfq

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-3hm3-htje-akgd

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-5732-ffyz-9fh5

vulnerability	VCID-5bex-xcub-3qhr

vulnerability	VCID-5nq8-gsav-5ffq

vulnerability	VCID-68yp-31d3-zbay

vulnerability	VCID-6yrk-8tj5-juhp

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-9epf-zkmr-67a6

vulnerability	VCID-b24q-c9nx-hkdy

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ce9p-rwsz-zkf6

vulnerability	VCID-d56y-s4zt-uyd7

vulnerability	VCID-e5h2-wvws-3yhq

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-ej5y-geq1-pkfn

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-hvpx-y297-sbha

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-mbd8-z3ry-cqap

vulnerability	VCID-mf9a-eusx-f3gb

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-pf71-p73a-xyda

vulnerability	VCID-qy5u-7m7g-4ben

vulnerability	VCID-r363-kggk-k3ds

vulnerability	VCID-rns1-e6pd-tkex

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-t18w-rg4b-fqea

vulnerability	VCID-tf5n-etq9-2bg1

vulnerability	VCID-turp-jxv8-1fgy

vulnerability	VCID-uun9-ctyg-k3d9

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

vulnerability	VCID-xn1n-5rgc-83bg

vulnerability	VCID-y1wd-arvg-2ugt

vulnerability	VCID-ynk1-3fye-bfcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.74

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3193

reference_id

reference_type

scores

value	0.00225
scoring_system	epss
scoring_elements	0.45329
published_at	2026-06-05T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45287
published_at	2026-06-08T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45313
published_at	2026-06-07T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45333
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3193

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193?p_r_p_assetEntryId=121861662&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121861662%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193

reference_id

cve-2023-3193

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:42:06Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-3193

reference_id

CVE-2023-3193

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-3193

reference_url

https://github.com/advisories/GHSA-qxf6-mp24-52cv

reference_id

GHSA-qxf6-mp24-52cv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qxf6-mp24-52cv

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t18w-rg4b-fqea

Vulnerability Instance